Practical 365

Analyzing Copilot’s Zero-Day, M365 Local & Copilot Agents: Practical 365 Podcast S4 E41

Post author:By Steve Goodman

In this Episode of the Practical 365 podcast, Steve and Paul deep dive into the Microsoft 365 Copilot exploit, "Echo Leak," discussing its implications for AI safeguards and the future of agentic AI. The conversation then shifts to a recent global outage affecting Google and Cloudflare, highlighting the challenges of maintaining hyperscale services. We also examine Microsoft's new initiative to offer containerized M365 instances in Europe, addressing concerns over data sovereignty. Finally, they discuss the latest advancements in Copilot agents, emphasizing the importance of understanding AI reasoning.

Podcasts

July 14, 2025

Investigating Mailbox Breaches with the Graph Activity Log

Post author:By Mezba Uddin

In this article, we guide you through the process of using the Graph Activity Log and Kusto Query Language (KQL) to hunt for common indicators of mailbox compromise, with useful tips along the way.

Blog

July 9, 2025

Practical Graph: Tracking Critical App Actions Through Audit Events

Post author:By Tony Redmond

App management audit events are captured when changes are made to Entra registered and enterprise apps. Critical app management audit events should be closely monitored to ensure that permissions are used properly and attackers haven't attempted to penetrate the tenant to extract data. This article explains how to find and analyze audit data for some critical app management audit events and run the code as an Azure Automation runbook.

Entra ID

July 8, 2025

Practical Protection: Power Platform Environment Security

Post author:By Paul Robichaux

In this episode of Practical Protection, we explore securing Power Platform environments, covering the basics of environment isolation, governance strategies, and lifecycle management.

Blog

July 7, 2025

One comment

How to Keep Defender Up to Date

Post author:By Thijs Lecomte

Updating Defender for Endpoint is quite complex, as the process differs between each operating system, and not all updates are alike. In this blog, we explore how to manage updates effectively on each platform, with practical tips throughout.

Blog

July 1, 2025

Practical Graph: Assigning Sensitivity Labels to SharePoint Files with the PowerShell SDK

Post author:By Tony Redmond

A new Set-MgDriveItemSensitivityLabel cmdlet makes it easier to assign sensitivity labels in PowerShell scripts. However, the cmdlet does not get around the restriction imposed by Microsoft on using metered APIs. Apps still must be registered as Azure resources before scripts can run the cmdlet. It's easy to understand why, even if it seems strange at first.

PowerShell

June 30, 2025

2 Comments

A Microsoft 365 Administrator’s Beginner’s Guide to Copilot Studio

Post author:By Lewis Baybutt

There's a lot to learn about Copilot Studio, especially for hard-pressed Microsoft 365 tenant administrators who already have too much work to do. This article gives administrators the essential details that they should consider as Copilot agents become more interesting to their organization.

Blog

June 25, 2025

2 Comments

Automatically Generate Maester Tests for Conditional Access

Post author:By Jasper Baes

In this blog, we dive into Jasper Baes' Conditional Access Validator, open-source PowerShell tool that automatically generates Maester tests for Conditional Access.

Security

June 24, 2025

3 Comments

Practical Graph: Finding Owners for Ownerless Apps from Audit Data

Post author:By Tony Redmond

When administrators create new Entra ID apps, the apps don't have an owner unless an owner is explicitly assigned. The net result is that a tenant can end up with many ownerless apps. In this article, we explain how to find ownerless apps, and how to use audit data to find suitable owners for those apps. All done with PowerShell, of course.

Entra ID

June 23, 2025

3 Comments

Practical Graph: Using PowerShell to Create and Run eDiscovery Cases

Post author:By Tony Redmond

The new Purview eDiscovery implementation supports a Graph API. Where there's a Graph API, there are PowerShell cmdlets based on the API. This article explains how to use PowerShell to automate different aspects of eDiscovery cases. PowerShell can't review the items found by searches, but it can handle most of the other processing.

Blog

June 18, 2025

Practical Protection: Getting Started with Graph Threat Hunting

Post author:By Paul Robichaux

In this episode of Practical Protection, we dive into the basics of Threat Hunting, tools you can use, and even some DIY hunting advice.

Blog

June 17, 2025

Active Directory Security and Configuration Best Practices with Victor King: Practical 365 Podcast S04E40

Post author:By Steve Goodman

In this episode, Steve Goodman and Bastiaan Verdonk interview Victor King from Quest Software, on best practices for Active Directory security. They discuss identifying misconfigurations, managing privileged access, and continuous environmental monitoring.

Blog

June 16, 2025

What's Trending

Subscribe

Subscribe for Practical 365 updates

Latest Posts